Cybersecurity: When “Good Enough” Isn’t Enough

If superior cybersecurity technologies exist, there is a responsibility beyond corporate profits or government compliance standards that must expedite their use.

The new TV show CSI: Cyber offers a view of the complexities of cyber attack investigations, offering a glimpse into today's approach to cybersecurity, which is more of a whodunnit than a technological detection.CBS

From the new TV show CSI: Cyber, which offers a view of the complexities of cyber attack investigations, to the seeming insanity of a CEO talking to a CISO about a potential cyber breach, it seems today's cybersecurity approaches are more of a whodunit than a technological detection. Even the whodunit approaches are, at best, time consuming manual assumptions rather than technological real-time security detection of what has really happened.

Although this makes for a highly-viewed TV show, in reality, the current approaches of how we address cybersecurity are more a part of the problem than of the solution. Today we are throwing known ineffective technologies, lots of money and people at reactionary cyberattack approaches that are almost shameful in an information technology industry that created the term, "good enough."

By definition, the "good enough" principle is a rule for software and systems design. It indicates that consumers will use products that are good enough for their requirements, despite the availability of more advanced technology.

RELATED

Though this definition may technically work for the latest new gadget, perhaps we shouldn't be settling -- we don't want this "good enough" security technology in our cars, homes, banks, businesses, critical infrastructures or national defense systems. If superior cybersecurity technologies that greatly exceed current solutions exist, there is a responsibility beyond corporate profits or government compliance standards that must expedite their use.

The cybersecurity industry: Is it moving in the right direction?

The intriguing part: There's a general focus on technologies that detect cyberbreaches more quickly and accurately, which confirms the focus of both my previous article and a recent article in Fortune.It's comforting to see that security companies are realizing their solutions must detect breaches more quickly, and that where detection should occur is in the processes and application workflow events. Sadly, however, intended cybersecurity spending is going toward security networks rather than securing application level events, which is where hackers are clearly focusing.

The disturbing part: Some of these new start-up cyber companies are using high-end encryption, but as explained in my previous articles, criminals are actually using encryption to hide their activities and protect their on-demand exploit hacking capabilities. This is such a concern that separately, the FBI, Europol and Britain's MI6 expressed misgivings about technology companies using this method. Encryption has been under the microscope since Prime Minister David Cameron inferred that encryption should be banned. Encryption used properly is a good first line of network defense. The problem, however, is that the majority of cyberexploits are now focused at the application level -- and few IT people secure or monitor activity at this level.

At the second annual Cybersecurity Workforce Summit in Arlington, Va., FCC CIO David Bray was quoted as saying, "We do a lot on signature detection, how can we also move to be much more about behavior, so we can deal with unknowns?" A good example of signature detection is the new collaboration between IBM and TI on an embedded secure device identity. The problem is that we continue trying to secure things at the centralized hardware and software integration layers when we are operating in a distributed network-computing environment where the applications rule.

Current enterprise security architecture serially analyzes historical output system data log traces to discover if the organization's policies and procedures are in compliance. This enterprise security architecture was designed for centralized computing and is vulnerable to cyberintrusion attacks in the distributed network-computing environment in which we mainly operate today. Hackers know this, and that's why 84 percent of all cyber attacks occur on the distributed network computing application layer. Unfortunately, we do little in securing or managing these critical application events -- events that are the heart of today’s distributed network-computing processes. We must be at the right place at the right time if we are to achieve true cybersecurity. Though today we are not doing this, there are ways to achieve it.

Money can no longer trump security

As an adviser to startups with often superior cybersecurity technologies, I have pushed through layers of lab tests and standards groups only to find that status quo big businesses and big government are still playing catch up when it comes to cybersecurity. There are good reasons for this, and we can't just throw technologies out there without some form of investment coordination or technology oversight.

We must keep in mind, however, that we are embarking on a new industry called the Internet of Things (IoT) that has multiple standards and seemingly a disregard for cybersecurity. In the past, cybersecurity has taken a back seat to the next big thing. But with the potential of a billion devices and seemingly endless amounts of big and small data, the fix it later approach in cybersecurity must change. This time around, I don't think even first-to-market money will trump security, and there is good reason.

The CEO of Kaspersky Lab is warning about the upcoming dangers, calling the Internet of Things the "Internet of Threats." Symantec also warns of known IoT security issues. And IDC noted that within two years, 90 percent of all IT networks will have an IoT-based security breach, although many will be considered "inconveniences."

If IoT wants to be the trillion dollar industry that is projected, it must now be forced to address cybersecurity or people will not trust the products in their cars, homes, workplaces or critical infrastructures. When breaches start getting personal, people will stop using the products that caused or were the source of the breach. Cybersecurity technologies must address today’s security needs; we must find new approaches to secure the billions of devices headed our way in the near future. We know the problems, so now is the time to define true solutions rather than use temporary patch-and-pray bandages.

Walking securely through multiple digital ecosystems

In today's world, we secure cyberecosystems by giving employees authenticated access to the often-encrypted enterprise system. But most cyberbreaches are inside jobs. So an employee with authenticated access to the enterprise who walks into his or her place of business with a smartphone filled with thousands of apps that can, together or independently, connect to hundreds of other IoT devices is a danger. Some of the apps could be exploit tools he or she will use to breach the network.

Although these methods of cybersecurity are at times a deterrent to cyberbreaches, experienced hackers can use them to their advantage. There are many breach opportunities from this point thanks to the introduction of utility-integrated centralized networks and distributed network-computing environments. They, by design, offer hackers almost endless opportunities to initiate a breach. This is where today's cybersecurity technologies fail (and fail miserably), and where they will continue to fail by design. So where are we going wrong?

The point where security lies is where an organization's policy and procedure applications reside. Knowing this, all we must do is design and build cybersecurity applications that detect, manage and secure the events taking place in the distributed network-computing environment ecosystem.

Every ecosystem is different, as are the security policies and procedural applications that an ecosystem uses. We may have an IoT that does exactly the same thing from a software or hardware perspective, but will work or not work based on the ecosystem's policies and procedure workflows. By converting these workflow policies into an automated intrusion detection application, we can accept or reject event procedural workflow security policies as part (or not part) of the ecosystem. This must be done in microseconds if we are to beat the hacker while allowing billions of software, hardware and IoT devices to securely move seamlessly through multiple ecosystems. So how can we do this?

Focus on policy-centric not data-centric

Most organizations already have defined their expected security policies and procedures on how, when and what data/information can be exchanged by people, systems, devices or applications in their business environment. In fact, organizations such as the National Institute of Standards and Technology (NIST) have mandated compliance of these policies and procedures in areas such as critical infrastructure. Organizations have done a good job of targeting security policies and procedures in their workplaces and digital control systems, they just haven't deployed the right technologies to audit, manage and secure these process events in real time.

Today’s cybersecurity crisis stems from the fact that current data-centric 3rd- and 4th-generation programming language-based security products cannot detect real-time cyberintrusions in distributed network-computing applications, security policies and workflows. When it comes to security, current software products only accumulate logs into databases to perform data analytics, discovering wrong policy patterns. The wrong data patterns are added to a knowledge base to implement system patches in an attempt to detect future offences.

Digital Process Management 5th Generation Programming Language (5GL) uses your policies to define the right event patterns (methods and constraints) for conducting business according to policy, accurately determining the relationship between a condition or variable and a particular consequence with one event leading to another. 5GL displays anomalies and normal event transactions at machine speeds, with consolidated audit trails providing deep insights into business transactions. This cybersecurity paradigm shift instantly identifies events that do not follow the right pattern so you can respond immediately to proactively prevent/mitigate the cause and/effect of business impacts in real time.

Fifth-generation code-free software allows organizations to rapidly customize their cybersecurity applications to automatically detect and manage intrusions or flawed operations in security policies, workflows, applications and mobile apps in real time in today’s distributed computing environment. To solve the cybersecurity crisis, organizations must deploy 5GL security applications that are policy-centric not data-centric to prevent cyberintrusions. This is how we can be at the right place at the right time with cybersecurity technologies that will be, at the very least, “good enough” to stop a hacker before the damage is done -- not after.

Exceeding 'good enough'

How to achieve cybersecurity is baffling some of the world's most brilliant minds. Though there is much investment in cybersecurity, it's questionable whether they're for improvements to current methods or solid cybersolutions that will protect us today and prepare us for a much bigger digital connected future.

With cloud and IoT applications increasing by the billions, we must ready ourselves for all these applications while simultaneously playing catch-up with the current (and increasing) cyberattacks.

We have reached the point where current cybersecurity technologies cannot neither effectively nor rapidly address our increasingly connected world. The projected use of cloud and IoT applications exceeds all current Internet usage -- so we must build a security platform that can seamlessly allow the use of these technologies while protecting each and every other ecosystem within our digital communities.

Bottom line: We must exceed “good enough” security technologies and create completely new technologies -- that are ready and available today.